Data privacy

INFORMATION ON THE HANDLING OF YOUR DATA 

An obligation under the General Data Protection Regulation.

1. BASIC INFORMATION
1.1 Who is responsible for processing my data?
The person responsible for data processing is
Häcker Kitchens GmbH & Co. KG
Werkstraße 3, 32289 Rödinghausen, Germany
Tel: 05746/940-0 Fax: 05746/940301
E-mail: info(at)haecker-kuechen.de

1.2 How can I reach the company's data protection officer?
The data protection officer can be reached as follows:
E-mail: dsb@haecker-kuechen.de 

1.3 Which authority is responsible for control and compliance with data protection law?
Responsible data protection supervisory authority
The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia    
PO Box 200444, 40102 Düsseldorf 
Phone: +49 (0211) 384240 E-mail: poststelle@ldi.nrw.de 

2. WHAT IS PERSONAL DATA?3. PRELIMINARY REMARK
All information that relates to an identified or identifiable person. A person is identifiable if he or she can be identified directly or indirectly. This can be done, for example, by assigning an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics.      

3. PREFACE
The following points are intended to provide you with information about your data. You will find these data protection statements below: 

  •   Website
  •   Customers and interested parties
  •   Applicants

The legislator has specified what information is required in this regard.
If you want to know more about this, you can find it in the General Data Protection Regulation in Articles 12 to 22 and 34. The text of the General Data Protection Regulation is available on the Internet at the following address: https://dsgvo-gesetz.de/. If you have any further questions about the General Data Protection Regulation, you can contact the Data Protection Officer and/or the administration at any time.

4.1.1 Why does the company process my data?
The generation of anonymised data is carried out in a standardised manner by our website provider, which currently cannot be deactivated by us. When using our forms, the data is collected to clarify the request and to contact you. 

4.1.2 Why is the company allowed to process my data?
The applicable data protection law (=EU General Data Protection Regulation) permits the processing of your data (=personal data) if we have a legitimate interest (see 4.1)
and can assume that you have no serious objections (Legitimate Interest Article 6 (1) lit. f DSGVO).

4.1.3 What data is collected from me?
The following data may be collected from you: 

  • IP address in anonymised form is used to determine the location of the access.
  • Referrer (previously visited website)
  • Requested website or file 
  • Browser type and browser version
  • Operating system used
  • Type of device used
  • Time of access

When using our forms, the following data is collected - depending on the respective form - based on our legitimate interest in providing you with the requested service:

  • Salutation
  • Your contract partner (optional)
  • Organisation
  • First name (optional)
  • Name
  • Street / No. (optional)
  • PO Box (optional)
  • POSTCODE
  • City (optional)
  • Country
  • Telephone (optional)
  • Email
  • Topic selection
  • Message
  • Remarks (optional)

4.1.4 Who can receive data from me?
As part of the processing, your anonymised data may be accessed by our website provider, which is contractually bound. 
When using the dealer form, the data may also be forwarded to the appropriate dealer. When ordering brochures and applying as a supplier, the data may be passed on within our company if you have consented to this.

4.1.5 In which statistics will my data be used?
The following anonymised statistics are provided to us by our website provider:

  • Visitor numbers: Visitors, sessions, page views and search engine robots.
  • Visitor behaviour: Duration per session, page views per session and bounce rate.
  • Page analysis: entry pages, exit pages, error pages, most visited pages, high bounce rate pages and search terms.
  • Origin pages: All origin pages and referring pages.
  • Visitor Sites
  • Browsers & Systems: Browsers, browser versions, operating systems and operating system versions.

4.1.6 Will you transfer data from me to countries outside the European Union?
Within the framework of the Vimeo applications and the Google applications (see point 4.1.11), your data may be transmitted outside the European Union (USA and New Zealand). Legal basis: Article 6 (1) sentence 1 lit. a DSGVO, Article 49 (1) lit. a DSGVO. The inspection by US authorities cannot be ruled out.

4.1.7 How long will you store my data?  
Google Analytics: If you have consented, the retention period is 26 months.

  • IP addresses in access logs: Anonymisation takes place after one day. The retention period is 60 days.
  • IP addresses in error logs: The retention period is 7 days
  • Data on e-mails sent by the web server in log files: Anonymisation takes place after one day. The retention period is 60 days.
  • Vimeo: 

We store your data to send the ordered brochures and to process the dealer form for the time we need it to achieve the purposes outlined in 4.1.1 above. However, there are legal regulations (e.g. the German Fiscal Code § 147) that require us to keep certain documents for six or ten years. After the retention period has expired, we delete data that is no longer required. 
If your application to become a supplier is successful, your data will be stored in our system. If no business relationship is established, your data will be deleted immediately after a rejection is issued.

4.1.8 Do I have to provide my data?
In order to achieve the purposes outlined in point 4.1.1 (clarification of the request and establishment of contact), it is necessary for you to provide us with your personal data. If you do not provide us with your data, we will not be able to send you a brochure or recommend a dealer.
This is absolutely necessary for the conclusion and execution of the contract with you and is also required by law. If you do not provide us with your data, we will not be able to conclude a contract with you. Otherwise, there is no obligation - of any kind whatsoever - to provide your personal data.

4.1.9 Automated decision-making / profiling
Automatic decision-making / profiling does not take place.

4.1.10 Origin of data 
We obtain the data through your visit to our websites or through your voluntary information.

4.1.11 Cookies
We only use session cookies for user guidance. These are small text files that are temporarily placed on your computer and stored on your browser, e.g. for login or more comfortable use of our website. Session cookies are automatically deleted when you close your browser.
you close your browser. You can set your browser to inform you about the placement of cookies.
placement of cookies. This makes the use of cookies transparent for you. The placement of session cookies is based on our legitimate interest in offering you the desired functionalities of our website.
The placement of our consent cookie is based on our legal obligation to obtain your consent and to document this consent (Art. 6 para. 1 p. 1 lit. a DSGVO in conjunction with Art. 7 para. 1 DSGVO).
The setting of statistics cookies, which help us to understand how our visitors use our website, and cookies for the purpose of delivering additional, technically unnecessary functions of our website, takes place after your express consent. 

  • When using the videos, cookies are set via Vimeo. 
  • Cookies are set by Google Maps when using Google Maps maps.
  • When using Google Analytics, cookies are set by Google Analytics.
  • When using Google Marketing Platform, cookies are set by Google.

4.1.12 Integration of third-party services and content
Vimeo
We can use the videos of the platform "Vimeo" of the provider Vimeo Inc, Attention: Legal Department, 
555 West 18th Street New York, New York 10011, USA. We use this service to be able to show you videos on our website. Privacy Policy:
https://vimeo.com/privacy. We would like to point out that Vimeo may use Google Analytics and refer to the data protection declaration 
refer to the data protection declaration (https://www.google.com/policies/privacy) as well as to the 
Opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or Google's settings for data use for marketing purposes (https://adssettings.google.com/.). 
The service is only integrated with your express consent in accordance with Art. 6 Para. 1 lit. a) DSGVO.

Google Maps
We integrate the maps of the "Google Maps" service of the provider Google LLC, 1600 Amphitheatre
Parkway, Mountain View, CA 94043, USA. We use this service to be able to show you maps. The data processed may include in particular 
IP addresses and location data of the users, which, however, are not collected without their consent (usually executed as part of the settings of their mobile devices). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
The service is only integrated with your express consent in accordance with Art. 6 Para. 1 lit. a) DSGVO.

Google Analytics:
Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the processing described below. 
Google uses the information generated by the cookies on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. This enables us to improve the quality of our website and its content. We learn how the website is used on the basis of statistical analysis and can thus continuously optimise our offer. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. The IP address is processed in anonymised form.
You can find more information on the handling of user data at Google Analytics and the security and data protection principles as well as setting and objection options in the Google data protection declaration, available via the following link: https://support.google.com/analytics/answer/6004245?hl=de
The service is only integrated with your express consent in accordance with Art. 6 Para. 1 lit. a) DSGVO.

Google Marketing Platform (Google Double Click)
Our website also uses other services of the Google Marketing Platform (formerly "Google Doubleclick") of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA. These services use cookies to display ads that are relevant to users, to improve campaign performance reports or to prevent a user from being served ads more than once.  
Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Google can use cookie IDs to record so-called conversions, i.e. whether a user sees an ad and later visits the advertiser's website and makes a purchase there. According to Google, these cookies do not contain any personal information.
Your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this service. According to Google, the integration of these services provides Google with the information that you have called up the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is still possible for the provider to obtain and store your IP address.
In addition, cookies enable us to understand whether you perform certain actions on our website after you have called up or clicked on one of our ads on Google or on another platform (conversion tracking) ("floodlight"). Google uses this cookie to understand the content you have interacted with on our websites in order to send you targeted advertising later. 
You can prevent the tracking process by making the appropriate setting in your browser software (e.g. third-party cookies deactivated), deactivating cookies for conversion tracking by blocking cookies from the domain www.googleadservices.com in your browser settings, with regard to interest-based ads from the providers that are part of the self-regulation campaign "About Ads" via the link http://www.aboutads.info/choices or at the link http://www.google.com/settings/ads/. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.
Further information on the Google Marketing Platform is available at https://marketingplatform.google.com/. You can also find further information at the Network Advertising Initiative (NAI) at http://www.networkadvertising.org/.
The service is only integrated with your express consent in accordance with Art. 6 Para. 1 lit. a) DSGVO.

Google Tag Manager
The Google Tag Manager is a tool of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the processing described below.
The Tag Manager is used to manage so-called tags in a graphical interface and to use them in a website. The tags are components such as Google Analytics or other marketing tools that can be used on our website.
The use of the tag manager greatly simplifies the maintenance of the website and enables a faster reaction to necessary changes. This enables Google to know that our website has been accessed via your IP address. Further details can be found at
https://www.google.com/intl/de/tagmanager/use-policy.html.
The service is only integrated with your express consent in accordance with Art. 6 Para. 1 lit. a) DSGVO.

Mouseflow
This website uses the Mouseflow tool. The provider is Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark.
Mouseflow is a tool for the analysis of your user behaviour on this website. To this end, cookies are placed in your browser. With Mouseflow, among other things, we can record your mouse and scrolling movements, keyboard entries, use of form and evaluation fields, referrer URLs and IP addresses (optional). In so doing, Mouseflow can also determine how long you remain on a certain point with your mouse cursor. This information is used to generate so-called heat maps, with which it can be determined which website areas visitors are more inclined to look at.
Furthermore, we can determine how long you have remained on a page, and when you left this page. We can also determine the point at which you aborted the inputting of information into a contact form (so-called conversion funnels).
These processing operations only take place provided express consent has been granted, in accordance with Art. 6 Para. 1 (a) DS-GVO.
Detailed information on Mouseflow can be found at: Behavioural analysis ecosystem for optimal website UX (mouseflow.com).

4.2 PROVISIONS FOR CUSTOMERS AND INTERESTED PARTIES 
These provisions also apply to our kitchen planner and our extranet.

4.2.1 Why does the company process my data?
We process your data to fulfil mutual obligations arising from the contractual relationship (which may be in the process of being established), to fulfil legal obligations, on the basis of your consent or because we have a legitimate interest in processing data for our applications. These may be applications and portals, such as kitchen planners, supplier portals, an extranet or other services provided to the user. 
Furthermore, this also includes communications such as by e-mail. Our legitimate interest lies in the provision and recording of information (user-related and general) and the provision of functionalities for initiating business (e.g. kitchen planning) in order to provide customers/prospective customers/business partners with information and to exchange information:

  • provide information and exchange information with each other
  • simplify the planning and use of our products
  • to provide the functionality of the applications and portals

If you have consented to the processing of your data, we also process your data for analysis and advertising cookies (see point 4.2.11) and registration in the respective portals mentioned above. 

4.2.2 Why are we allowed to do this?
Data protection law allows us (pursuant to Article 6 (1) sentence 1 lit. b DSGVO) to process data that is necessary for the performance of a contract or for the implementation of pre-contractual measures. If you voluntarily provide us with things about yourself that go beyond what is necessary or give us consent (e.g. for marketing purposes such as our newsletter), data protection law allows us to do so in the context of consent (pursuant to Article 6 (1) sentence 1 lit. a DSGVO). Data protection law allows us to process your data in Article 6 (1) sentence 1 lit. c DSGVO if there is a legal obligation to do so or in accordance with Article 6 (1) sentence 1 lit. f) DSGVO if we have a legitimate interest (see 4.1).

4.2.3 What data do we process?
For the use of our forms / contact via email based on our legitimate interest in processing your request:

  • E-mail address
  • Name
  • Request/content/attachments
  • Header data of the sending e-mail server and, if applicable, parameters from DNS entries.

For applications and portals on the basis of our legitimate interest in granting access to the corresponding applications/portal exclusively to an authorised group of users: 

  • Contact data (such as name, email).
  • User master data (such as user name/ID)
  • Usage and traffic data (such as IP address)
  • Technical documentation and log data (such as amount of data transferred, pages of the offer visited).

4.2.4 Who can receive data from me?
In the course of processing, your data may be transmitted to:

  • Persons within our company who are directly involved in data processing (e.g. marketing, sales, purchasing).
  • Service providers who are contractually bound and obliged to maintain confidentiality as well as other external bodies (companies, authorities, etc.) if this is necessary. 

4.2.5 Will you transfer data from me to countries outside the European Union?
Within the scope of the Google applications and Matomo (see point 4.2.11), your data may be transferred outside the European Union (USA and New Zealand). Legal basis: Article 6 paragraph 1 sentence 1 lit. a DSGVO, Article 49 paragraph 1 lit. a DSGVO. Unauthorised inspection by (US) authorities cannot be ruled out. 

4.2.6 How long will you store my data?
Google Analytics: If you have consented via Consent, the retention period is 26 months. 
Matomo: 
We will store your data for as long as we need it to achieve the purposes set out in 4.2.1 above. However, there are legal regulations (e.g. the German Fiscal Code § 147) that require us to keep certain documents for six or ten years. After the retention period has expired, we delete data that is no longer required. 

4.2.7 Do I have to provide my data?
In order to achieve the reasons outlined in point 4.2.1 (contractual relationship), it is necessary for you to provide us with your personal data. This is mandatory or legally required for the fulfilment of the contract with you. If you do not provide us with the data, we will not be able to fulfil the contract with you. 
For the other reasons in point 4.2.1, it is not necessary for you to provide us with your personal data.  

4.2.8 Automated decision-making / profiling
Automated decision-making / profiling does not take place.

 4.2.9 Origin of data
We obtain the data through your visit to our websites, the use of our portals or through your voluntary information. 

4.2.10 Cookies
We use cookies within our web services. The contents and storage periods are displayed before entering the web service and can be set.
We only use session cookies for user guidance. These are small text files that are temporarily placed on your computer and stored on your browser, e.g. for logging in or for more comfortable use of our website. The session cookies are automatically deleted when you close your browser.
you close your browser. You can set your browser to inform you about the placement of cookies.
placement of cookies. This makes the use of cookies transparent for you. The placement of session cookies is based on our legitimate interest in offering you the desired functionalities of our website.
Statistics cookies are set with your express consent. Statistics cookies collect information anonymously. This information helps us to understand how our visitors use our website: 

  • When using Matomo, cookies are set via Matomo. 
  • When using Google Analytics, cookies are set by Google Analytics.
  • When using Google Tag Manager, cookies are set by Google.

4.2.11 Integration of third-party services and content
The following cookie providers are used on our customer and prospective customer portals and services, depending on the specific portal/service used:
Matomo:
"Matomo" (formerly "Piwik") is a web analytics service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo stores cookies on your terminal device that enable an analysis of your use of our website. Matomo is used here with the setting "Anonymize Visitors' IP addresses". This means that IP addresses are processed in abbreviated form to prevent direct personal references. The software is set so that the IP addresses are not stored in full, but 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer or to specific persons. The IP address transmitted by your browser via Matomo is not merged with other data collected by us. No data is actively stored on the user's terminal device.
Further information on data protection can be found in the Matomo data protection declaration at: https://matomo.org/privacy/.
Google Tag Manager
The Google Tag Manager is a tool of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the processing described below. 
The Tag Manager is used to manage so-called tags in a graphical interface and to use them in a website. The tags are components such as Google Analytics or other marketing tools that can be used on our website. The use of the tag manager greatly simplifies the maintenance of the website and enables a faster reaction to necessary changes. This enables Google to know that our website has been accessed via your IP address. Further details can be found at https://www.google.com/intl/de/tagmanager/use-policy.html.
Google Analytics:
Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the processing described below.
Google uses the information generated by the cookies on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. This enables us to improve the quality of our website and its content. We learn how the website is used on the basis of statistical analysis and can thus continuously optimise our offer. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
You can find more information on how Google Analytics handles user data and the security and data protection principles as well as setting and objection options in Google's data protection declaration, which can be accessed via the following link: https://support.google.com/analytics/answer/6004245?hl=de

4.3 PROVISIONS FOR APPLICANTS
The following provisions apply to our career portal.

4.3.1 Why does the company process my data?
The company processes your data to establish the employment relationship and to fulfil legal obligations. Before you decide for us and we decide for you, we would like to get to know each other. In the first step, we regularly use the information and documents that you send us in writing or in text form. The next step is to get to know each other personally, during which we learn even more about each other. The purpose of this data collection is to make a well-founded decision for a long-term relationship.

4.3.2 Why is the company allowed to process my data?
Data protection law allows (according to § 26 paragraph 1 sentence 1 BDSG in conjunction with Article 88 paragraph 1 DSG-VO) the collection of data that is necessary for the establishment of the employment relationship. If you voluntarily tell us things about yourself that go beyond what is necessary, data protection law allows us to do so within the framework of consent (pursuant to Article 6(1) sentence 1 lit. a DSGVO). Your consent is also the legal basis for our processing if we include your application in our applicant pool.
The legal basis for the collection of the above-mentioned mandatory data is Section 26 (1) sentence 1 BDSG in conjunction with Article 88 (1) DSGVO.


4.3.3 What data is collected from me?

  • We will collect the following categories of data from you: Personal data, e.g. name, date of birth, address
  • Data on your qualifications, e.g. school education, professional training
  • Private e-mail address, telephone no.
  • Information on how you became aware of us
  • Information on whether you have already been employed by us
  • Other information you provide to us as part of the application process (e.g. photo, salary expectations)

4.3.4 Who can receive data from me?

  • Persons within our company and our affiliated companies who are directly involved in data processing (e.g. HR department, direct supervisor, responsible department, management)
  • Service providers who are contractually bound and obliged to maintain confidentiality and who perform partial data processing tasks.
  • External companies, if this is necessary. Examples are postal service providers for the delivery of letters.

4.3.5 Will you transfer data from me to countries outside the European Union?
We do not plan to do this. An exception to this would only be conceivable if you were to arrange this, e.g. if you were to give us the account details of a bank outside the European Union to which we should transfer money. The legal basis for this is Article 6(1)(b) DSGVO, Section 24 BDSG n.F., Article 49(1)(b) DSGVO.

4.3.6 How long will you store my data?
If you apply for a job with us via the career portal or by other means and send us application documents for this purpose, we will only process the personal data you provide in this context for the purpose of the application process.
If you have applied for an advertised position, the documents will be automatically deleted six months after completion of the application process, unless there are legitimate interests that prevent deletion (e.g. necessity in the context of a legal dispute). In the case of an application without reference to an advertised position (unsolicited application) or consent to inclusion in the application pool, the application will be kept for a maximum period of one year in order to contact you, if necessary, regarding a vacancy arising during this time. You have the option of requesting the deletion of your application at any time, even before the expiry of the retention periods provided for. In the event of a successful application, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the legal requirements.

4.3.7 Do I have to provide my data? 
In order to achieve the reasons outlined in point 4.3.1, it is necessary for you to
provide us with your personal data. An employment relationship cannot be established if you do not send us your application. Inclusion in our applicant pool is not possible if you do not consent to such inclusion and provide us with your application for this purpose.

4.3.8 Automatic decision-making / profiling
Automatic decision-making / profiling does not take place.

4.3.9 Origin of data
We receive your data from you as part of the application process.

4.3.10 Cookies
We use cookies within our career portal. The contents and storage periods are displayed before entering the web service and can be set.
Within the scope of our career portal, we only use session cookies. These are small text files that are temporarily placed on your computer and stored on your browser, e.g. for logging in or for more convenient use of our website. The session cookies are automatically deleted when you close your browser. You can set your browser to inform you about the placement of cookies.
placement of cookies. This makes the use of cookies transparent for you.

5. WHAT RIGHTS DO I HAVE?
5.1 Information about your rights
As a data subject of a data processing operation, you have, among others, the following rights under the General Data Protection Regulation (hereinafter also referred to as "data subject rights" for short):

5.2 Information rights (according to Article 15 DS-GVO).
You have the right to request information about whether or not we are processing personal data relating to you. If we process personal data about you, you have the right to know,

  • why we process your data (see also point 4.1);
  • what types of data we process from you;
  • what types of recipients, data from you will or should be received by (see also point 4.3);
  • how long we will store your data; if it is not possible to specify the storage period, we must state
  • how the storage period is determined (e.g. after expiry of statutory retention periods) (see also point 4.5);
  • that you have a right to rectification and deletion of the data concerning you, including the right to restrict processing and/or the possibility to object (see also points 5.2, 5.3 and following);
  • that you have the right to lodge a complaint with a supervisory authority; where your data originates from if we have not collected it from you directly; whether your data is used for automated decision-making and, if this is the case, to find out which logic underlies the decision and what effects and scope the automated decision may have for you;
  • that if data about you is transferred to a country outside the European Union, you have the right to be informed whether and, if so, on the basis of which guarantees an adequate level of protection is ensured for the recipient of the data;
  • that you have the right to request a copy of your personal data. Copies of data are always provided in electronic form.

The first copy is free of charge; an appropriate fee may be charged for further copies. A copy can only be provided insofar as the rights of other persons are not affected by this.

5.3 Right to rectification of data (according to Article 16 DS-GVO)
You have the right to demand that we correct your data if it is incorrect and/or incomplete. This right also includes the right to completion through supplementary declarations or notifications.
Correction and/or completion must take place without culpable hesitation.

5.4 Right to erasure of personal data (according to Article 17 DS-GVO)
You have the right to request that we delete your personal data if

  • the personal data is no longer necessary for the purposes for which it was collected and processed;
  • the data processing is based on consent given by you and you have revoked your consent; however, this does not apply if another legal permission for the data processing exists;
  • you have objected to data processing, the legal permission for which lies in the so-called "legitimate interest" (according to Article 6(1)(e) or (f));
  • however, deletion need not take place if there are overriding legitimate grounds for further processing;
  • you have objected to data processing for the purpose of direct marketing;
  • your personal data have been processed unlawfully;
  • it is a child's data collected for information society services (=electronic service) on the basis of consent (pursuant to Art. 8 (1) DSGVO).
  • There is no right to erasure of personal data if
  • the right to freedom of expression and information precludes the request for erasure;
  • the processing of personal data
  • to comply with a legal obligation (e.g. statutory retention obligations),
  • for the performance of public duties and interests under applicable law (this includes "public health"), or
  • is necessary for archiving and/or research purposes;
  • the personal data is necessary for the assertion, exercise or defence of legal claims.

The deletion must take place immediately (without culpable delay). If personal data has been made public by us (e.g. on the Internet), we must ensure, as far as is technically possible and reasonable, that other data processors are also informed of the deletion request, including the deletion of links, copies and/or replications.

5.5 Right to restriction of data processing (according to Article 18 DS-GVO)
You have the right to have the processing of your personal data restricted in the following cases:

  • If you have disputed the accuracy of your personal data, you may request that we do not use your data for any other purpose for the duration of the verification of the accuracy and thus restrict its processing.
  • In the event of unlawful data processing, you can demand that we restrict the use of your data instead of deleting it;
  • If you need your personal data to assert, exercise or defend legal claims, but we no longer need your personal data, you can request that we restrict processing to the purposes of legal proceedings;
  • If you have objected to data processing (pursuant to Art. 21 (1) DSGVO) (see also point 5.7) and it is not yet clear whether our interests in processing outweigh your interests, you may request that your data not be used for other purposes for the duration of the review and thus that its processing be restricted.
  • Personal data whose processing has been restricted at their request may - subject to storage - only be 
  • with their consent, 
  • for the assertion, exercise or defence of legal claims,
  • to protect the rights of other natural or legal persons, or
  • for reasons of important public interest.

If a restriction on processing is lifted, you will be informed of this in advance.

5.6 Right to data portability (according to Article 20 DS-GVO)
You have the right to request the data you have provided to us in a commonly used electronic format (e.g. as a PDF or Excel document).
You may also request us to transfer this data directly to another (designated) company, provided that this is technically possible for us.
The prerequisite for you to have this right is that the processing is carried out by on the basis of consent or for the performance of a contract (see point 4.2) and is carried out using automated processes.
The exercise of the right to data portability does not affect the rights and freedoms of other persons.
If you use the right to data portability, you still have the right to data erasure according to Article 17 DS-GVO.

5.7 Right to object to certain data processing (according to Article 21 DS-GVO)
If your data are processed for the performance of tasks in the public interest or for the performance of legitimate interests (see point 4.2), you may object to this processing. To do so, you must provide us with the reasons for your objection that arise from your particular situation. These can be, for example, special family circumstances or confidentiality interests worthy of protection.
In the event of an objection, we must refrain from any further processing of your data for the purposes mentioned under point 4.1, unless,

  • there are compelling legitimate grounds for processing which override your interests, rights and freedoms, or
  • the processing is necessary for the assertion, exercise or defence of legal claims.

You may object to the use of your data for the purpose of direct marketing at any time; this also applies to profiling insofar as it is related to direct marketing. In the event of an objection, we may no longer use your data for the purpose of direct advertising.
-> Direct advertising and/or profiling will not be initiated or carried out by us in any case.

5.8 Prohibition of automated decisions/profiling (according to Article 22 DS-GVO)
Decisions by us that entail a legal consequence for you or significantly affect you may not be based exclusively on automated processing of personal data. This also includes profiling. This prohibition shall not apply insofar as the automated decision is

  • is necessary for the conclusion or performance of a contract with you,
  • is permissible on the basis of legal provisions, if these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or
  • is carried out with your express consent.
  • Decisions based solely on the automated processing of special categories of personal data (= sensitive data) are only permitted if they are made on the basis of
  • your explicit consent, or
  • there is a substantial public interest in the processing

and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

5.9 Exercise of data subject rights
To exercise your data subject rights, please contact the offices listed under point 3. Requests submitted electronically are usually answered electronically. The information, notifications and measures to be provided in accordance with the GDPR, including "the exercise of data subject rights, are generally provided free of charge. Only in the case of manifestly unfounded or excessive requests are we entitled to charge an appropriate fee for processing or to refrain from taking action (according to Article 12(5) of the GDPR).
If there is reasonable doubt about your identity, we may request additional information from you for the purpose of identification. If we are unable to identify you, we are entitled to refuse to process your request. If we are unable to identify you, we will notify you separately, where possible. (see Article 12(6) and Article 11 DS-GVO).
As a rule, requests for information and disclosure will be processed without delay, within one month of receipt of the request. The deadline may be extended by a further two months where necessary, taking into account the complexity and/or number of requests; in the event of an extension of the deadline, we will inform you of the reasons for the delay within one month of receiving your request. If we do not act on a request, we will inform you without delay, within one month of receipt of the request, of the reasons for this and inform you of the possibility of lodging a complaint with a supervisory authority or seeking a judicial remedy. (see Article 12(3) and (4) of the GDPR).
Please note that you can only exercise your data protection rights within the limits and restrictions provided for by the Union or the Member States. (Article 23 DS-GVO)
In the event of complaints, you can contact the competent supervisory authority at any time. For our company, the supervisory authority mentioned in point 3.3. is responsible. You have the right to have this judicially reviewed, according to Article 78 DSGVO, against a supervisory authority as well as, according to Article 79 DSGVO against our company.

6. revocation
If we process your data on the basis of your consent pursuant to Art. 6 (1) a) DSGVO, you may exercise your right of revocation at any time with effect for the future. To do so, please send your revocation to info(at)haecker-kuechen.de.

7. SOCIAL MEDIA
We are represented in social media with our own pages. We are not the responsible party (original provider) of the page. It is possible that your data will be processed outside the European Union or the European Economic Area. For this reason, we draw your attention to the fact that this may result in data protection risks for you and may make it more difficult for you to enforce your rights (information, deletion, objection, etc.). Social networks often use analysis tools for user behaviour without us having any influence on this. 
The legal basis for the processing of personal data is Art. 6 para. 1 lit. f DSGVO (legitimate interest) as well as Art. 6 para. 1 lit. a DSGVO in conjunction with Art. 7 DSGVO, if we have a legitimate interest. Art. 7 DSGVO, if you give your consent to the data processing with the respective provider. 
Further information on the providers used is provided below:

7.1 Facebook
Responsible for data processing in Europe:
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data protection declaration (data policy):
https://www.facebook.com/about/privacy
Opt-out and advertising settings:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

7.2 Instagram
Data controller in Europe:
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Privacy Policy (Data Policy):
http://instagram.com/legal/privacy/
Opt-out and advertising settings:
https://www.instagram.com/accounts/privacy_and_security/

7.3 Pinterest
Data controller in Europe:
Pinterest Europe Ltd Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
Privacy Policy (Data Policy):
https://policy.pinterest.com/de/privacy-policy
Opt-out and advertising settings:
https://help.pinterest.com/de/article/personalization-and-data